Jump to content

Corporate domain - False detection of logon script


Recommended Posts

I just deployed MBAR across my domain after running it independently on a few machines.  The independent machines ran just fine, no issues for a week or so, and I decided to deploy it through my RMM tool silently to all end user workstations.  The deploy with the silent switches worked flawlessly.  However I got a call this morning that one of my staff members had a detection this morning.  Boy, I was feeling like the luckiest guy in the world with the timely install and detection catch, but I came to find out that it was detecting my Kixtart logon script executing from our AD sever (which in turn prevents the user from logging in since the script hangs and terminating the script logs the user off).  I tried to go into exclusions and add the actual file in question but no dice... it would still detect it on logon.  Oddly enough, it's only for this one user so far (out of 100 or so).

Any ideas?  I have two AD servers so I added the detection path to both servers to the exclusion list.  I have since turned off protection for this one user.  

Screenshots attached.

2016-05-27 mbarm1.JPG

2016-05-27 mbarm3.JPG

Link to post
Share on other sites

Hello Mefesto44 and :welcome:

Unfortunately, it appears as if there has been a misunderstanding.  Due to the fact that the MBARW Beta testing project is in the earliest phases of Beta, the use of MBARW Beta in any commercial/enterprise/production environment is strongly discouraged at this time.

If you would like assistance in achieving a successful uninstall of MBARW Beta, please advise in a reply to this topic.  Thank you for your interest in MBARW Beta testing project and your continued patience and understanding.

Link to post
Share on other sites

What a shame, but understandable.  This is the environment where this kind of theft is most destructive.  I was excited to hear about Malwarebytes developing this program since you all have a high standard of performance and reliability.  Please make sure to let us know when your product is available for purchase and roll out to corporate and Healthcare environments.  Our patient data and privacy is of the utmost importance.

Link to post
Share on other sites

Hello Mefesto44:

It is best if a MBARW Beta development team member answers your question as I am uncertain which, if any, Inno switches were baked into Beta6.

I have forwarded your query.

Thank you for your patience and understanding.

Edited by 1PW
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.